San Francisco, California—The Electronic Frontier Foundation (EFF) sued the Justice Department today to obtain records that can shed light on whether the FBI is complying with a Congressional mandate that it periodically review and lift National Security Letter (NSL) gag orders that are no longer needed.

The FBI has issued as many as 500,000 NSLs since 2003. Despite Congress requiring the FBI in 2015 to review and terminate unwarranted gag orders, only a handful of companies and individuals have publicly disclosed receiving an NSL after being notified the FBI terminated the gag orders.

NSLs are secret FBI demands to phone companies and Internet service providers for data about their customers’ communications and online activity. The letters are not subject to any meaningful oversight or court review and almost always come with a gag order. Companies receiving the letters are barred from telling customers their data is being sought and banned from publicly acknowledging or otherwise discussing the letters, potentially indefinitely.

Following a ruling in EFF’s lawsuit that NSL gags are unconstitutional, Congress enacted reforms in 2015 that require the bureau to review NSLs to determine whether the gag orders are still necessary, and terminate those that are not. The FBI established procedures under which a record keeping system generates reminders—when an NSL investigation closes or reaches the three-year anniversary of its initiation—that the gag order should be reviewed for possible termination.

EFF sent a FOIA request to the FBI in September seeking records about the number of NSLs reviewed under these procedures, the number of reminders generated, the number of termination notices sent to NSL recipients, and how long it takes for a review to begin after a reminder is generated. In March the FBI said it had no such records. In a complaint filed today in San Francisco, EFF asked a court to order the FBI to disclose the requested records.

“Unilateral, indefinite NSL gag orders violate the First Amendment rights of individuals and companies to speak out about government surveillance and inform customers about FBI demands for their data. The bureau’s procedures for lifting gag orders that are no longer needed do not fully address these constitutional concerns. Nevertheless, the public has an interest in knowing whether these procedures are being followed, and our FOIA request seeks to shed light on if the FBI is doing so,” said Andrew Crocker, EFF Staff Attorney.

“We would have expected the FBI to respond to our FOIA request with records about the gag orders that we know have been lifted. The FBI’s response that it has no such records raises serious questions about whether the bureau is following Congress’ command to review NSL gag orders,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Gagging NSL recipients indefinitely is a draconian and overzealous use of surveillance power that prevents discussion and debate about government spying tools.”

Related Updates

Law enforcement access to data is in the middle of a profound shake-upacross the globe. States are pushing to get quicker, deeper, and more invasive access to personal data stored on the global Internet, and are looking to water down the international safeguards around privacy and due...

California Governor Gavin Newsom, in his first State of the State Address, called for a “Data Dividend” (what some are calling a “digital dividend”) from big tech. It’s notyetclear what form this dividend will take. We agree with Governor Newsom...

EFF joined a letter to Secretary of State Mike Pompeo opposing a proposal to deploy stronger vetting procedures against Chinese students intending to study in the United States because the procedures would threaten the free speech interests of both Chinese students and their American associates. Reuters...

The way we design user interfaces can have a profound impact on the privacy of a user’s data. It should be easy for users to make choices that protect their data privacy. But all too often, big tech companies instead design their products to manipulate users into surrendering their data...

France’s data protection authority is first out the gate with a big decision regarding a high-profile tech company, and every other enforcer in Europe is taking notes. On January 21, France’s CNIL fined Google 50 million Euros for breaches of the General Data Protection Regulation (GDPR)...

Imagine this: an enormous tech company is tracking what you do on your phone, even when you’re not using any of its services, down to the specific images that you see. It’s also tracking all of your network traffic, because you’re installing one of its specially-designed routers. And even though...

Since even before he took office, President Trump has called for a physical wall along the southern border of the United States. Manydifferentorganizations have argued this isn’t a great idea. In response, some Congressional Democrats have suggested turning to surveillance...